[Geoserver-devel] [JIRA] (GEOS-11098) ENTITY_RESOLUTION_ALLOWLIST=auto to use URLCheck

Jody Garnett created an issue

GeoServer / WishGEOS-11098

ENTITY_RESOLUTION_ALLOWLIST=auto to use URLCheck

Issue Type:

WishWish

Assignee:

Unassigned

Components:

Security

Created:

09/Aug/23 2:12 AM

Priority:

MediumMedium

Reporter:

Jody Garnett

This issue is a follow up to https://osgeo-org.atlassian.net/browse/GEOS-10389 seeking to both enable this setting by default, and make use of the URLCheck funcitonality introduced.

Presently ENTITY_RESOLUTION_ALLOWLIST:

  • not defined: restrict local file system access
  • ENTITY_RESOLUTION_ALLOWLIST: allow www.w3.org schemas.opengis.net www.opengis.net inspire.ec.europa.eu/schemas
    - ENTITY_RESOLUTION_ALLOWLIST=server allows http and https connections to all of the above, and server

Add Comment

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS


This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100233-sha1:7fb7fe8)

Atlassian logo